IBM Provides Organizations With Weapons to Fight IT Security Breaches

New Software Tools Allow Developers to Leverage Open Standards to Build Security Into Applications

ARMONK, NY - 22 Jun 2006: IBM today announced new software to help customers and software developers build security into their business applications, thereby putting them in a much stronger position in the battle against hackers, identity thieves and malicious users. The security tools are available to users at no charge. This is IBM’s latest effort to help thwart IT security breaches affecting both big and small businesses.

The design, construction and operation of secure applications and systems are challenging tasks for organizations around the world. With this new software, developers and application providers can more easily engineer security into the software lifecycle process at the beginning of their design to help make businesses and consumers less vulnerable to security attacks, as opposed to plugging security holes with patches after the damage is done.

The new technologies allow users to automatically develop secure applications as they are added into the IT infrastructure and encrypt business information with no human interaction, saving companies significant time and money.

Security continues to be a key issue for organizations today. Nearly 60 percent of U.S. businesses believe that cybercrime is more costly to them than physical crime. In fact, the FBI estimates that cyber crime cost U.S. organizations more than $62 billion in 2005. One of the most daunting challenges for organizations is that many software products contain security flaws in architecture, design, or implementation and organizations are constantly playing catch-up instead of “locking the door” against security breaches.

Developed at IBM Research Labs, the new offerings allow developers to take a proactive approach to ensure that applications are secure from the onset versus going through the timely and costly steps of securing applications once bugs and breaches have been detected. These new emerging technologies better secure business applications from their inception, providing increased security for Java applications and automated encryption of information shared across networks.

“Security has become top of mind among corporate software developers, independent software vendors and academia, as data protection has become a key boardroom issue,” said Buell Duncan, General Manager, ISV and Developer Relations, IBM. “Whether it is the theft of credit card information from a retail Web site, or the pilfering of private employee data from corporate data sources, all companies are at risk of having their business and reputation impacted by hackers and malicious internal users.”

The new technologies are hosted on alphaWorks, IBM’s online outlet for innovative, emerging technologies. Today, more than 90 of the Fortune 100 companies are taking advantage of IBM’s emerging technologies and resources. IBM makes emerging technologies like these available to developers through alphaWorks in an effort to obtain real world feedback from developers, and make necessary improvements based on that input. In 2005, 32 alphaWorks technologies became part of IBM products or were donated to open source.

The new software offerings available today include:

Automatic Data Encryption -- the IBM Secure Shell Library for Java automatically encrypts data transmitted from one computer to another, including passwords and information stored in files, therefore preventing it from being exposed to hackers and other online menaces. Using this technology, organizations can now transfer large amounts of information between servers in a secure manner, which adheres to a defined SSH standard, an industry security standard for transferring data. This is a critical need for organizations in industries such as banking, e-commerce and healthcare where privacy and secure data transfers are critical requirements to protect consumer data. No other vendor provides this level of support for Java applications.

Increased Security for Java Applications -- the Security Workbench Development Environment for Java (SWORD4J) allows developers to easily configure and validate Java applications that support the Java and OSGi industry security standards. Available as a set of Eclipse IDE plug-ins, the tool detects and reports violations of security best practices that can often be corrected through the click of a mouse. Also, developers and application providers can easily identify authorization requirements and embed authorization privileges when building new applications. Identifying the authorization requirements and defining the authorization policies has traditionally been difficult and error prone. Typically developers need to run applications through many test cases to correctly configure authorization policies. Without running the application code, this new tool determines its authorization requirements, so developers can bypass the tedious work of the testing-based approach. This results in more accurate security policies with far less effort. This tool supports code signing and can also be run in a non-IDE mode as part of an application build process.

For more information, go to www.alphaworks.ibm.com

Contact Information

Matt Berry

IBM

Contact via E-mail